@@ -879,7 +879,7 @@ def getTables(self, bruteForce=None):
879879 if conf .excludeSysDbs :
880880 query += " WHERE "
881881 query += " AND " .join ("%s != '%s'" % (condition , unsafeSQLIdentificatorNaming (db )) for db in self .excludeDbsList )
882- infoMsg = "skipping system database%s: %s " % ("s" if len (self .excludeDbsList ) > 1 else "" , ", " .join (db for db in self .excludeDbsList ))
882+ infoMsg = "skipping system database%s '%s' " % ("s" if len (self .excludeDbsList ) > 1 else "" , ", " .join (db for db in self .excludeDbsList ))
883883 logger .info (infoMsg )
884884 elif not Backend .isDbms (DBMS .SQLITE ):
885885 query += " WHERE "
@@ -1922,7 +1922,7 @@ def searchDb(self):
19221922
19231923 if conf .excludeSysDbs :
19241924 exclDbsQuery = "" .join (" AND '%s' != %s" % (unsafeSQLIdentificatorNaming (db ), dbCond ) for db in self .excludeDbsList )
1925- infoMsg = "skipping system database%s: %s " % ("s" if len (self .excludeDbsList ) > 1 else "" , ", " .join (db for db in self .excludeDbsList ))
1925+ infoMsg = "skipping system database%s '%s' " % ("s" if len (self .excludeDbsList ) > 1 else "" , ", " .join (db for db in self .excludeDbsList ))
19261926 logger .info (infoMsg )
19271927 else :
19281928 exclDbsQuery = ""
@@ -2035,20 +2035,25 @@ def searchTable(self):
20352035 infoMsg += " '%s'" % unsafeSQLIdentificatorNaming (tbl )
20362036 logger .info (infoMsg )
20372037
2038- if conf .excludeSysDbs :
2039- exclDbsQuery = "" .join (" AND '%s' != %s" % (unsafeSQLIdentificatorNaming (db ), dbCond ) for db in self .excludeDbsList )
2040- infoMsg = "skipping system database%s: %s" % ("s" if len (self .excludeDbsList ) > 1 else "" , ", " .join (db for db in self .excludeDbsList ))
2038+ if conf .db and conf .db != "CD" :
2039+ _ = conf .db .split ("," )
2040+ whereDbsQuery = "" .join (" AND '%s' = %s" % (unsafeSQLIdentificatorNaming (db ), dbCond ) for db in _ )
2041+ infoMsg = "for database%s '%s'" % ("s" if len (_ ) > 1 else "" , ", " .join (db for db in _ ))
2042+ logger .info (infoMsg )
2043+ elif conf .excludeSysDbs :
2044+ whereDbsQuery = "" .join (" AND '%s' != %s" % (unsafeSQLIdentificatorNaming (db ), dbCond ) for db in self .excludeDbsList )
2045+ infoMsg = "skipping system database%s '%s'" % ("s" if len (self .excludeDbsList ) > 1 else "" , ", " .join (db for db in self .excludeDbsList ))
20412046 logger .info (infoMsg )
20422047 else :
2043- exclDbsQuery = ""
2048+ whereDbsQuery = ""
20442049
20452050 tblQuery = "%s%s" % (tblCond , tblCondParam )
20462051 tblQuery = tblQuery % tbl
20472052
20482053 if isTechniqueAvailable (PAYLOAD .TECHNIQUE .UNION ) or isTechniqueAvailable (PAYLOAD .TECHNIQUE .ERROR ) or conf .direct :
20492054 query = rootQuery .inband .query
20502055 query += tblQuery
2051- query += exclDbsQuery
2056+ query += whereDbsQuery
20522057 values = inject .getValue (query , blind = False )
20532058
20542059 for foundDb , foundTbl in filterPairValues (values ):
@@ -2071,7 +2076,7 @@ def searchTable(self):
20712076
20722077 query = rootQuery .blind .count
20732078 query += tblQuery
2074- query += exclDbsQuery
2079+ query += whereDbsQuery
20752080 count = inject .getValue (query , inband = False , error = False , expected = EXPECTED .INT , charsetType = 2 )
20762081
20772082 if not isNumPosStrValue (count ):
@@ -2088,7 +2093,7 @@ def searchTable(self):
20882093 for index in indexRange :
20892094 query = rootQuery .blind .query
20902095 query += tblQuery
2091- query += exclDbsQuery
2096+ query += whereDbsQuery
20922097 if Backend .isDbms (DBMS .DB2 ):
20932098 query += ") AS foobar"
20942099 query = agent .limitQuery (index , query )
@@ -2189,7 +2194,7 @@ def searchColumn(self):
21892194 column = safeSQLIdentificatorNaming (column )
21902195
21912196 if Backend .isDbms (DBMS .DB2 ):
2192- column = column .upper ()
2197+ column = column .upper ()
21932198
21942199 infoMsg = "searching column"
21952200 if colConsider == "1" :
@@ -2199,21 +2204,29 @@ def searchColumn(self):
21992204
22002205 foundCols [column ] = {}
22012206
2202- if conf .excludeSysDbs :
2203- exclDbsQuery = "" .join (" AND '%s' != %s" % (db , dbCond ) for db in self .excludeDbsList )
2204- infoMsg = "skipping system database%s: %s" % ("s" if len (self .excludeDbsList ) > 1 else "" , ", " .join (db for db in self .excludeDbsList ))
2207+ if conf .db and conf .db != "CD" :
2208+ _ = conf .db .split ("," )
2209+ whereDbsQuery = "" .join (" AND '%s' = %s" % (unsafeSQLIdentificatorNaming (db ), dbCond ) for db in _ )
2210+ infoMsg = "for database%s '%s'" % ("s" if len (_ ) > 1 else "" , ", " .join (db for db in _ ))
2211+ logger .info (infoMsg )
2212+ elif conf .excludeSysDbs :
2213+ whereDbsQuery = "" .join (" AND '%s' != %s" % (unsafeSQLIdentificatorNaming (db ), dbCond ) for db in self .excludeDbsList )
2214+ infoMsg = "skipping system database%s '%s'" % ("s" if len (self .excludeDbsList ) > 1 else "" , ", " .join (db for db in self .excludeDbsList ))
22052215 logger .info (infoMsg )
22062216 else :
2207- exclDbsQuery = ""
2217+ whereDbsQuery = ""
22082218
22092219 colQuery = "%s%s" % (colCond , colCondParam )
22102220 colQuery = colQuery % unsafeSQLIdentificatorNaming (column )
22112221
22122222 if isTechniqueAvailable (PAYLOAD .TECHNIQUE .UNION ) or isTechniqueAvailable (PAYLOAD .TECHNIQUE .ERROR ) or conf .direct :
2213- query = rootQuery .inband .query
2214- query += colQuery
2215- query += exclDbsQuery
2216- values = inject .getValue (query , blind = False )
2223+ if not all ((conf .db , conf .tbl )):
2224+ query = rootQuery .inband .query
2225+ query += colQuery
2226+ query += whereDbsQuery
2227+ values = inject .getValue (query , blind = False )
2228+ else :
2229+ values = ((conf .db , conf .tbl ),)
22172230
22182231 for foundDb , foundTbl in filterPairValues (values ):
22192232 foundDb = safeSQLIdentificatorNaming (foundDb )
@@ -2254,7 +2267,7 @@ def searchColumn(self):
22542267
22552268 query = rootQuery .blind .count
22562269 query += colQuery
2257- query += exclDbsQuery
2270+ query += whereDbsQuery
22582271 count = inject .getValue (query , inband = False , error = False , expected = EXPECTED .INT , charsetType = 2 )
22592272
22602273 if not isNumPosStrValue (count ):
@@ -2271,7 +2284,7 @@ def searchColumn(self):
22712284 for index in indexRange :
22722285 query = rootQuery .blind .query
22732286 query += colQuery
2274- query += exclDbsQuery
2287+ query += whereDbsQuery
22752288 if Backend .isDbms (DBMS .DB2 ):
22762289 query += ") AS foobar"
22772290 query = agent .limitQuery (index , query )
@@ -2345,16 +2358,16 @@ def searchColumn(self):
23452358 self .dumpFoundColumn (dbs , foundCols , colConsider )
23462359
23472360 def search (self ):
2348- if conf .db :
2349- conf . dumper . lister ( "found databases" , self .searchDb () )
2361+ if conf .col :
2362+ self .searchColumn ( )
23502363
2351- if conf .tbl :
2364+ elif conf .tbl :
23522365 conf .dumper .dbTables (self .searchTable ())
23532366
2354- if conf .col :
2355- self .searchColumn ( )
2367+ elif conf .db :
2368+ conf . dumper . lister ( "found databases" , self .searchDb () )
23562369
2357- if not conf . db and not conf . tbl and not conf . col :
2370+ else :
23582371 errMsg = "missing parameter, provide -D, -T or -C together "
23592372 errMsg += "with --search"
23602373 raise sqlmapMissingMandatoryOptionException , errMsg
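Review bot: In searchColumn, the new shortcut `values = ((conf.db, conf.tbl),)` (new lines 2223-2229) is taken whenever both options are set, which includes the two cases the branch just above it treats specially: `conf.db == "CD"` and a comma-separated `conf.db`. In those cases the literal string "CD", or the whole unsplit list, reaches `filterPairValues` and `safeSQLIdentificatorNaming` as a single database name, so the later lookups would presumably target a database that does not exist. I would guard the shortcut with `if not all((conf.db, conf.tbl)) or conf.db == "CD":` and build the pairs from the split list, `values = [(db, conf.tbl) for db in conf.db.split(",")]`; if `conf.tbl` can also hold several names it needs the same expansion. The part of searchColumn that consumes these pairs lies outside the hunk, so the downstream effect should be confirmed there.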